spectre

  1. E

    Spectre RETurns with new speculative execution vulnerabilities: Retbleed

    It's that time of month. Spectre returns with new vulnerabilities and corresponding performance-crippling mitigations for affected x86 Intel and AMD CPUs. Retbleed: Arbitrary Speculative Code Execution with Return Instructions "Retbleed (CVE-2022-29900 and CVE-2022-29901) is the new addition...
  2. S

    According to Google’s JavaScript team; Spectre mitigation doomed to failure

    Working Link --> blog/spectrev8.dev/blog/spectre
  3. AlphaAtlas

    New Speculative Execution Bug Allegedly Affects Intel CPUs

    Back in 2018, when the Spectre and Meltdown vulnerabilities were first publicized, many security experts feared that they opened a figurative Pandora's box. Those two exploits are part of a wider class of potential speculative execution flaws, and this week, those fears were realized, as...
  4. AlphaAtlas

    Linux 5.0 Release Includes FreeSync Support and Spectre Mitigation

    The Linux 5.0 kernel has been released, and among other things, it officially adds support for freesync displays on AMD GPUs. Phoronix notes that AMD previously supported FreeSync on Linux, " via their hybrid driver package with its DKMS module in Radeon Software," but posted a tutorial for...
  5. AlphaAtlas

    Spectre and Meltdown Patches Responsible for Some Nvidia Driver Slowdown Claims

    Some users have accused Nvidia of slowing down old graphics cards with recent driver updates. Tech YES City's viewers asked about that issue, and in a separate video, the YouTuber put it to the test. While he didn't find any evidence to corroborate those claims, he did find a discrepancy between...
  6. AlphaAtlas

    MIT's DAWG Mitigates Spectre and Meltdown

    Researchers at MIT have built a new security measure on top of Intel's Cache Allocation Technology. Dynamically Allocated Way Guard, or DAWG, is built to isolate programs from each other without the performance overhead of Intel's CAT. The technology only requires "minor modifications to the...
  7. cageymaru

    The Performance Cost of Security Mitigation on Linux 4.19

    Michael Larabel from Phoronix has run three Intel Xeon and two AMD EPYC systems through a battery of testing including a virtual machine to determine the performance cost that security mitigation patches such as Spectre, Meltdown, and Foreshadow have had on the platforms under Linux. The Linux...
  8. DooKey

    Spectre and Meltdown in Hardware: Intel Clarifies Whiskey Lake and Amber Lake

    Intel has said they are working on hardware fixes for Spectre and Meltdown, but they haven't been very specific about things lately. Anandtech decided to give them a ring and Intel told them a few more things about their upcoming processors. Amber Lake will not have any hardware fixes since it...
  9. cageymaru

    Microsoft Patch Tuesday Addresses Intel L1 Terminal Fault Vulnerability

    Microsoft Patch Tuesday has implemented fixes and improvements to address the newly disclosed Intel L1 Terminal Fault (L1TF). AMD's Bulldozer and Jaguar processors reclaim lost performance as an issue that caused high CPU usage and degradation with Family 15h and 16h AMD processors was...
  10. cageymaru

    Intel Has Disclosed New Security Flaws that Affect SGX and Virtualization

    Intel has disclosed a new set of security flaws collectively called the L1 Terminal Fault (L1TF). These flaws were discovered in conjunction with researchers at KU Leuven University and other universities. The researchers call their discoveries Foreshadow and Foreshadow - Next Generation (NG)...
  11. cageymaru

    NetSpectre: A Remote Spectre Attack Without Attacker-Controlled Code on the Victim

    Remember our coverage of Spectre? Well researchers at the Graz University of Technology have a working model of how to read arbitrary memory over a network called NetSpectre. NetSpectre attacks have been shown to work over LAN and Google Cloud. The computers being attacked do not need to run...
  12. cageymaru

    Mitigating Spectre with Site Isolation in Chrome

    The Google Security Blog has showcased a newly enabled Chrome feature that helps to protect against speculative execution side-channel attacks like Spectre. Site Isolation limits each renderer process to documents from a single site. To put this in context, previously Chrome allowed cross-site...
  13. cageymaru

    Intel Spectre Vulnerabilities Now Have a Release Schedule

    Intel has adopted a release schedule for new Spectre vulnerability disclosures. According to The Register, starting today new patches will be released quarterly to patch the latest exploits. This is akin to the Windows Patch Tuesday. I never thought that hardware would have a patch release...
  14. O

    How do you test for Spectre/Meltdown vulnerability? In what CPU will it be fixed at hardware level?

    Two questions: How do you test or check for Spectre / Meltdown vulnerability? Do we know, yet, in what CPU these will be fixed at hardware level? So will 9th generation Intel CPU's be "immune" for example? I ask the second question because it seems like new "variants" of the above...
  15. DooKey

    Intel Announces New Speculative Execution Side Channel Vulnerability

    There's a new Core processor vulnerability that Intel has just announced and they consider this one to be of moderate severity. The Lazy FP state restore technique is the cause of this vulnerability and Intel is recommending that developers use the Eager FP state restore instead of Lazy FP state...
  16. S

    MSI X99S XPOWER AC Spectre/Meltdown BIOS?

    Hey guys, Back in January MSI put out a press release that they were coming out with a new BIOS for a ton of mobos - including my X99S XPOWER AC - http://www.guru3d.com/news-story/msi-releases-bios-updates-to-address-recent-vulberabilities.html - however, the firmware mentioned (E7881IMS.1C0)...
  17. DooKey

    Spectre Next Generation is Coming Whether we Like it or Not

    According to the folks over at c't spectre isn't over it's just moving on to the next generation. They say Spectre NG has been confirmed as eight flaws in Intel CPU's that haven't been revealed yet and that some ARM and possibly AMD vulnerabilities are possible as well. So watch out people...
  18. J

    Spectre Next Generation

    Eight new vulnerabilities found on Intel processors https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/
  19. R

    CPU Utilization is Wrong

    In May of last year, senior performance architect at Netflix, Brendan Gregg posted an interesting article about how the "%CPU" metric is wrong, and is progressively getting worse. Now, Brendan expands on his findings in a 5 minute video from the Southern California Linux Expo. The UpSCALE...
  20. R

    Intel Finishes Spectre Patching, Some Older CPUs Not Included

    A report from PCWorld states that Intel has finished with its microcode updates for the Spectre vulnerability found in its processors, however unfortunately, Intel has not provided updates for all of them. According to the Intel Microcode Revision Guidance paper, last updated April 2nd, Penryn...
  21. FrgMstr

    Intel Is Unable Deliver a Microcode Patch Some Older CPU Models

    Intel has released a document that explains which CPUs will not receive a Spectre / Meltdown patch. Chipzilla believes that these CPUs are typically implemented in closed systems and are expected to have a lower likelihood of exposure to vulnerabilities. Also it was deemed not practical to...
  22. DooKey

    AMD Jabs Intel Good Over Spectre/Meltdown Problems

    AMD has a nice little sign set up in their booth over at Cloudfest in Germany. In a nut shell they take a nice little shot at Intel over their Spectre/Meltdown woes. You have to see it to believe it and I'm sure you'll love it as much as I did. Check out the twitter post that brought this to...
  23. DooKey

    Microsoft Joining Intel in Offering $250K Bounty for Speculative Execution Bugs

    Microsoft isn't the most loved company around, but this time they are doing something good and putting their money where their mouth is and offering up to a $250K bounty for finding vulnerabilities like Spectre. Intel is offering the same kind of cash and I guess Microsoft thought it might be a...
  24. DooKey

    Intel Releasing New Server Chips This Year That Block Spectre Attacks in Hardware

    Brian Krzanich (Intel CEO), stated that Intel will be releasing new server chips (Cascade Lake) this year that block Spectre attacks in hardware. They are including partitioning technology in the new chips that prevents snooping between applications. Hopefully this new technique they are using...
  25. R

    Microsoft Admits It Incorrectly Upgraded Some Windows 10 Users To V1709

    Microsoft has admitted that it incorrectly updated some Windows 10 machines to version 1709 despite users having paused update operations in their OS settings according to a report from BleepingComputer. Only users that were on V1703 were affected, in that version Microsoft added special...
  26. R

    Intel Issues Spectre and Meltdown Microcode Updates for Sandy and Ivy

    According to Intel's Microcode Revision Guidance paper, they have released new microcode updates for Sandy Bridge and Ivy Bridge to deal with the Spectre and Meltdown vulnerabilities. Next up are Westmere Xeons, Nehalem Xeons, as well as some Arrandale and Clarkdale CPUs, with Arrandale...
  27. DooKey

    Microsoft Announces New Meltdown/Spectre Updates

    Microsoft is making some Intel microcode updates available for the Fall Creators Update, but these are only for specific Skylake processors. This update is currently available here. Also, Microsoft isn't letting up on antivirus companies and they are going to continue with stringent...
  28. FrgMstr

    New Microcode for Broadwell and Haswell CPUs

    There are many of us that have "old" Intel CPUs that are wondering when we will see UEFI updates for those Broadwell and Haswell based systems that address Spectre security exploits. Microcode for those is now in the wild and hopefully with motherboard manufacturers to qualify so that those...
  29. DooKey

    Intel Didn't Tell Government About Meltdown/Spectre Because They Couldn't Help With Fix

    Back in January after the Meltdown/Spectre threat became public knowledge members of Congress sent letters to Intel and others to ask them why they didn't tell the government about the problems. According to letters sent back to Congress it came down to the fact that Intel didn't feel it was...
  30. R

    Intel Releases Updated Microcode For Meltdown and Spectre

    Intel has announced that it has released production microcode updates to OEM manufacturers for Kaby Lake, Coffee Lake, and Skylake platforms. Along with this announcement, Intel has finally given us a schedule and availability table for the microcode revisions that can be found here. Nice to...
  31. DooKey

    Two New Meltdown/Spectre Variants Found

    It appears that the meltdown/spectre rabbit hole is deeper and more twisted than we realized. Researchers from Princeton and Nvidia have found two new variants they call MeltdownPrime and SpectrePrime. The good news about these is current software mitigation should prevent any attack using the...
  32. DooKey

    Intel Continuing to Work on Spectre/Meltdown Patches

    Navin Shenoy, of Intel, says they have found the problem with the reboot issue on Broadwell and Haswell firmware updates and they have released more microcode for their Skylake platforms to the OEMs. The plan is to continue to test the updates and release them as soon as possible to the field...
  33. FrgMstr

    Expect the Spectre....and Meltdown Soon

    Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon. We all know this is coming, but just when has been the real question. As Intel is scrambling to get fixes out that do not cause more problems than those...
  34. R

    Congress Has Questions About Meltdown and Spectre

    Congress has some questions about Meltdown and Spectre, and they are calling out those involved. Members of the Committee on Energy and Commerce have drafted letters to the heads of several companies involved in the security flaw. The companies whose CEO's received letters are; Apple, Amazon...
  35. R

    Intel Plans To Have Spectre & Meltdown-Proof CPUs This Year

    Slashgear is reporting that intel plans to have versions of its processors that address the Spectre and Meltdown security flaws on the market later this year. News on the processor update came during the earnings call with Intel CEO Brian Krzanich, after the company announced...
  36. R

    Linus Torvalds Rips Into Intel

    In a public email chain, the Linux inventor Linus Torvalds, and David Woodhouse, engineer at Amazon in the UK discuss Intel's "fix" for Meltdown/spectre. Never one to pull punches Torvalds exclaims "the patches are COMPLETE AND UTTER GARBAGE." I can't even pretend to understand the technical...
  37. FrgMstr

    Intel Patches Causing Big Reboot Issues Confirmed

    As we reported back on January 12th, there were widespread reports of Intel's Meltdown and Spectre patches causing spontaneous reboots on systems. (I think we have dealt with the issue here once in the past week.) Now Intel is suggesting that you NOT roll out those patches as those seem to be...
  38. R

    Microsoft Resumes Meltdown & Spectre Updates for AMD Devices

    A report from BleepingComputer states that Microsoft is resuming the rollout of security updates for AMD devices to patch the Meltdown and Spectre vulnerabilities. Microsoft had halted the rollout for AMD-based machines on January 9th, after their patch left users with PCs that were crashing...
  39. Pieter3dnow

    Windows 10 unbootable fix meltdown spectre

    http://www.zdnet.com/article/windows-10-meltdown-spectre-patch-new-updates-bring-fix-for-unbootable-amd-pcs/
  40. FrgMstr

    Intel Random Restart Bug & Data Center Performance After Patches

    Back on January 11, Intel started seeing reports of random system reboots after applying Meltdown and Spectre patches on Intel Broadwell and Haswell CPUs. Seems as if this was not an isolated occurrence and this has now been verified with other Intel partners. And this looks to be hammering a...
Top